[mirrors]
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.5p1.tar.gz
http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/openssh-6.5p1.tar.gz

[main]
filesize=1293187
sha512=8dee8f55a00aed942728a91f0bf0af729589d446e3b7e075950eb214c6a10635ac4d2702dd71b07d705ab0419d5e0537ce7de75daeb7243e8bbbc0f680930734

[deps]
openssl
sshd-service

[build]
# fix implicit declarations
patch -p1 < "$K"/openssh-configure.patch || exit 1
patch -p1 < "$K"/openssh-sys_param.patch || exit 1

# prevent from installing some things (keysign and maybe others) setuid.
sed -i 's@-m 4711@-m 0750@g' Makefile.in

CC="gcc -D_BSD_SOURCE -DMISSING_FD_MASK -DMISSING_NFDBITS" \
CFLAGS="$optcflags" \
  ./configure -C --prefix="$butch_prefix" \
  --sbindir="$butch_prefix"/bin --libexecdir="$butch_prefix"/lib/ssh \
  --sysconfdir="$butch_prefix"/etc/ssh \
  --with-privsep-user=nobody \
  --with-xauth="$butch_prefix"/bin/xauth \
  --with-md5-passwords --with-mantype=man --mandir="$butch_prefix"/share/man \
  --disable-strip --disable-lastlog --disable-utmp --disable-utmpx --disable-btmp \
  --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline || exit 1

mkdir netinet
touch netinet/in_systm.h

sed -i '/USE_BTMP/d' config.h
sed -i '/USE_UTMP/d' config.h
sed -i 's@HAVE_DECL_HOWMANY 1@HAVE_DECL_HOWMANY 0@' config.h

make -j$MAKE_THREADS || exit 1

chown root:root /var/empty
chmod 0755 /var/empty

#key generation is disabled for packaging
#the sshd service will create the keys on service prereqs
make DESTDIR="$butch_install_dir" install-nokeys || exit 1

IS="$K"/bin/install-service
"$IS" --down --log --force openssh "$K"/services/openssh

dest="$butch_install_dir""$butch_prefix"

mv "$dest"/etc/ssh/sshd_config "$dest"/etc/ssh/sshd_config.default || exit 1
cat << 'EOF' > "$dest"/etc/ssh/sshd_config
Port 22
Protocol 2
Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
UsePrivilegeSeparation sandbox
AuthorizedKeysFile  .ssh/authorized_keys
#X11Forwarding yes
AcceptEnv LANG LC_*
Subsystem sftp $butch_prefix/lib/ssh/sftp-server
EOF
